Device and method for encrypting and decrypting a block of data
 Publication number
 US7499542B2
 Authority
 US
 Grant status
 Grant
 Patent type
 Prior art keywords
 mu
 module
 value
 data
 output
 Prior art date
 Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
 Active, expires
Classifications

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
 H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication the encryption apparatus using shift registers or memories for blockwise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
 H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
 H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
 H04L2209/24—Key scheduling, i.e. generating round keys or subkeys for block encryption
Abstract
Description
This application claims priority under 35 U.S.C. § 119 of European Patent Application No. 03011696.6, filed on May 23, 2003, in the European Patent Office, the entire contents of which are incorporated herein by reference.
1. Field of the Invention
The present invention refers to a device and a method for encrypting and decrypting a block of data known as a block cipher, the size of the input block and output block being the same.
This operation is controlled using a key which could either have the same size as the block or could have a different size, generally a larger size.
This invention refers to a symmetrical encryption/decryption method as opposed to the asymmetrical method. The symmetrical method is characterized by using the same key to encrypt and decrypt the data while the asymmetrical method uses a first key to encrypt and a second key to decrypt the data.
2. Description of the Related Art
Well-known methods include DES (56-bit key), CAST (128-bit key), Blowfish (448-bit key), Twofish (256-bit key), and Rijndael (also known as AES, 256-bit key). Depending on the applications concerned, they have their own advantages and disadvantages.
Several patents have been published describing these methods. U.S. Pat. No. 5,214,703 describes the method known as IDEA™, which is based on an 8.5-round encryption process for a 64-bit block length, each round using 6 subkeys derived from the main key. The core is constituted by a Lai-Massey scheme using addition modulo 2^{16}, multiplication modulo 2^{16}+1 and bitwise exclusive-OR.
The two major requirements for an encryption method are robustness against any form of cryptanalysis and computational speed. One key factor for robustness is the diffusion effect, i.e. when one bit is changed in the input data, all the output bits are influenced in an unpredictable manner.
The computational speed is mainly determined by the type of mathematical and logical operations needed. More complex operations (division, multiplication) may prolong the time to execute the encryption process.
The purpose of this invention is to propose a new encryption method which offers a high level of security combined with a high execution speed.
This aim is achieved by a method to encrypt or decrypt blocks of data X to Y, based on a main key R, this method using several serially connected modules, each module using a subkey RA derived from the main key R and comprising the steps of:

 inputting at least two initial values X0L and X0R,
 mixing the at least two values X0L and X0R to form a mixed value X1,
 obtaining a value X2 by mixing a first part RAH of the subkey RA with the value X1,
 obtaining a value X3 by applying the value X2 to a substitution layer, the substitution layer comprising at least one substitution box (sbox), each substitution box containing at least one table of constants for which the input serves as the pointer and the pointed constant serves as the output,
 obtaining a value X4 by using a diffusion box of multipermutation type based on the value X3,
 obtaining a value X5 by mixing a second part RAL of the subkey RA with the value X4,
 obtaining the value X6 by applying to the value X5 a substitution layer,
 obtaining a value X7 by mixing a first part RAH of the subkey RA with the value X6,
 mixing the value X7 with the initial at least two values X0L and X0R to obtain the at least two values X8L and X8R, X8L and X8R representing the output value X8 of the module,
this method using at least two modules, where for each module a new subkey RA is generated from the main key R, the initial values X0 of the first module being a division of the input data X, the output values X8L and X8H of the last module forming the output data Y, and this method further comprising the step of applying to at least one of the value X8L or X8R an orthomorphism function before applying these values to the input X0R and X0L of the next module.
The two main parts of the method are the substitution layer and the multipermutation matrix.
The purpose of the substitution layer is to transform the input value to an output value without a simple algebraic relationship. One very efficient way to implement such a substitution layer consists in using a table containing constants, which can achieve the expected confusion result, as well as a table-lookup strategy.
Since in this embodiment the input data has a length of 32 bits, the number of constants will be 2^{32} values each of a 32-bit length.
According to a preferred embodiment, the input data is split in groups of 8-bit lengths thus reducing the number of constants to 256 bytes.
Then the input data of 32 bits or 64 bits is divided in bytes of 8 bits and applied to the substitution box to obtain an output of 8 bits. The input data is used as an address pointer and the constant pointed to is the output.
Depending on the implementation method, the constant tables are the same for all groups of the input data (32 bit or 64 bit). In another embodiment, the constant tables are different for each group of the input data.
The constants stored in this table are a fixed permutation of numbers which are all different, encoded by a number of bits equal to the table width.
The second main part of the method is the multipermutation matrix. The multipermutation matrix is a square matrix with the property that every possible square submatrix has a determinant different than zero; and the elements of the matrix are elements of a finite field. The mixing operation consists in multiplying a vector of input elements by the matrix, resulting in a vector which is defined to be the output.
The next step is illustrated with the block f32 which has a 32 bit input X1 and a 32 bit output X7 as well as using a subkey RA. The detailed description of this block is given with reference to
The output X7 of the block f32 is applied to the two mixing blocks MX which are connected with the two entries X0L and X0H.
The resulting data X8L and X8R represent the two 64 bits output X8 of the module MOD.
The function of this splitting module SP could be achieved in different ways such as selecting the lowest bits for X0L1 and the highest bits for X0R1, or every odd bit for X0L1 and even bit for X0R1. Other methods of dividing the input data X could be used as long as all the bits of X are comprised in X0L1 and X0R1.
The outputs X0L1 and X0R1 are then used as entries in the first module MOD1. This first module processes the data while using a first subkey RA1. The processing for X0L1 and X0R1 is the same as described according to
The generation of the two subkeys RAH and RAL is made through the splitting module SP. This module has the same function as the one described in
Each of these values X2a to X2d is applied to a substitution layer, comprising at least one substitution box (sbox), each substitution box containing a table of constants for which the input serves as the pointer and the constant pointed to serves as the output. The output data is referenced as X3a, X3b, X3c, X3d (forming the value X3) on
One method to generate this constant table is to use a pseudorandom generator. One should remove all duplicate values so that each constant in this table is unique.
This data is introduced in a diffusion box Mu4 of (4,4) multipermutation type. The output data of this diffusion box is referenced as X4a, X4b, X4c, X4d respectively (forming the value X4). The diffusion box consists in multiplying the input vector (X3a, X3b, X3c, X3d) by a 4×4 square matrix Mu4, whose elements belong to the finite field with 256 elements; these elements are denoted Mu(i, j), where i refers to the row index and j to the column index. The result of the multiplication of the vector (X3a, X3b, X3c, X3d) by the matrix Mu4 is a vector (X4a, X4b, X4c, X4d) where these values are obtained as follows:
X4a=Mu4(1,1)*X3a+Mu4(1,2)*X3b+Mu4(1,3)*X3c+Mu4(1,4)*X3d
X4b=Mu4(2,1)*X3a+Mu4(2,2)*X3b+Mu4(2,3)*X3c+Mu4(2,4)*X3d
X4c=Mu4(3,1)*X3a+Mu4(3,2)*X3b+Mu4(3,3)*X3c+Mu4(3,4)*X3d
X4d=Mu4(4,1)*X3a+Mu4(4,2)*X3b+Mu4(4,3)*X3c+Mu4(4,4)*X3d
Here “+” denotes the addition in the finite field and “*” its multiplication. The elements of Mu4 are chosen such that the amount of computations needed to evaluate the four above expressions is minimal. The number of multiplications by the constant “1” (thereafter denoted “identities”) has therefore been chosen to be as large as possible.
The data is then mixed with a second part RAL of the subkey RA to obtain a value X5a, X5b, X5c, X5d (forming the value X5).
Each of these values X5a to X5d is then applied to a substitution box (sbox) to obtain a value X6a, X6b, X6c, X6d (forming the value X6). These values are mixed with a first part RAH of the subkey RA to obtain new values X7a, X7b, X7c, X7d (forming the value X7).
Then these values X7a, X7b, X7c, X7d are assembled to form the output data X7 within the assembler module AS as described in respect with
During the encryption process, the main key R is divided into several subkeys, one per module MOD. In the example of
To obtain the data X based on the data Y and the key R, the same process as described in the reference to
According to the general principle of this invention, the number of serially connected modules MOD is not limited to two modules. In order to achieve a good robustness, experience has shown that 9 rounds are optimal to obtain a result which could be qualified as an encryption process. This number could be extended to 12 or more in order to obtain more robustness.
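The module chain and the multipermutation property described above, as an added example that is not code from the patent: a 64-bit block run through serially connected modules built on f32, plus a checker that every square submatrix of the diffusion matrix is nonsingular. Assumptions not taken from the page: mixing is XOR, the field polynomial is 0x11B, the AES MixColumns matrix stands in for Mu4, the sbox is a seeded shuffle, the orthomorphism is (a, b) → (b, a XOR b), decryption runs the subkeys in reverse order, and the subkeys are constructed constants rather than derived from R.

```python
import random
from functools import reduce
from itertools import combinations
from operator import xor

POLY = 0x11B  # assumed GF(2^8) reduction polynomial; the page names none

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (POLY if a & 0x80 else 0)
        b >>= 1
    return r

def det(m):
    """Determinant by cofactor expansion; signs vanish in characteristic 2."""
    if len(m) == 1:
        return m[0][0]
    return reduce(xor, (gf_mul(v, det([row[:j] + row[j + 1:] for row in m[1:]]))
                        for j, v in enumerate(m[0])))

def is_multipermutation(m):
    """True when every square submatrix has a nonzero determinant."""
    idx = range(len(m))
    return all(det([[m[r][c] for c in cols] for r in rows]) != 0
               for k in range(1, len(m) + 1)
               for rows in combinations(idx, k) for cols in combinations(idx, k))

# Constructed stand-ins, not the patent's tables: the AES MixColumns matrix
# (many "identity" entries) for Mu4, and a seeded shuffle of 0..255 for the sbox.
MU4 = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
SBOX = list(range(256))
random.Random(2003).shuffle(SBOX)

def mu4(v):
    """X4 = Mu4 * X3: each output byte is an XOR-sum of GF(2^8) products."""
    return [reduce(xor, (gf_mul(c, x) for c, x in zip(row, v))) for row in MU4]

def f32(x1, rah, ral):
    """X1 -> X7: key mix, sbox, Mu4, key mix, sbox, key mix (mixing assumed XOR)."""
    x3 = [SBOX[b] for b in (x1 ^ rah).to_bytes(4, "big")]
    x5 = int.from_bytes(bytes(mu4(x3)), "big") ^ ral
    x6 = bytes(SBOX[b] for b in x5.to_bytes(4, "big"))
    return int.from_bytes(x6, "big") ^ rah

def orth(w):
    """Assumed orthomorphism on 32 bits: (a, b) -> (b, a ^ b)."""
    a, b = w >> 16, w & 0xFFFF
    return (b << 16) | (a ^ b)

def orth_inv(w):
    c, d = w >> 16, w & 0xFFFF
    return ((c ^ d) << 16) | c

def module(l, r, ra):
    """X7 = f32(X0L ^ X0R); X8L = X0L ^ X7, X8R = X0R ^ X7. RA = RAH || RAL."""
    x7 = f32(l ^ r, ra >> 32, ra & 0xFFFFFFFF)
    return l ^ x7, r ^ x7

def encrypt(x, subkeys, use_orth=True):
    l, r = x >> 32, x & 0xFFFFFFFF
    for i, ra in enumerate(subkeys):
        l, r = module(l, r, ra)
        if use_orth and i < len(subkeys) - 1:  # no OR after the last module
            l = orth(l)
    return (l << 32) | r

def decrypt(y, subkeys):
    l, r = y >> 32, y & 0xFFFFFFFF
    for i in reversed(range(len(subkeys))):
        if i < len(subkeys) - 1:  # undo OR; X7 cancels in l ^ r, so f32 is reused
            l = orth_inv(l)
        l, r = module(l, r, subkeys[i])
    return (l << 32) | r

SUBKEYS = [0x0123456789ABCDEF, 0xFEDCBA9876543210, 0x0F1E2D3C4B5A6978]  # constructed
```

With `use_orth=False` the XOR of the two output halves equals the XOR of the two input halves for any key, because X7 cancels in every module; the orthomorphism between modules is what breaks that invariant.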
The next step is illustrated with the layer f64 which has two 32 bits input X1L and X1R and two 32 bits output X7L and X7R as well as using a subkey RA. The detailed description of this block is given with the reference to
Each of these outputs is mixed with two input data of the module MOD64 within the same mixing element MX. In our example, the output value X7L is mixed with the input X0LL and X0LR respectively and the output value X7R is mixed with the input X0RL and X0RR respectively. Other mixing combinations are also possible, such as mixing the output value X7L with X0LL and X0RR in a cross configuration.
As far as the substitution box is concerned, there exist different possibilities to realize this function. We have previously described a method uniquely based on a constant table. The first step to reduce the table size is to split the input and to apply this part to a much smaller table.
The example of
In some cases, in particular where the memory size is an issue, other alternatives are sought. Such alternative is described in reference to
The heart of this subsystem is the module TA which comprises a constant table of 2^{(n/2)} elements, each of n/2 bits, in which n is the length of the input value C.
For an input having a length of 8 bits, the constant table comprises 16 (2^{4}) elements, each of 4-bit length. These elements are randomly generated, taking into account that each element has a unique value.
The execution of the substitution box generally uses at least two subsystems Cbox, each having a different constant table TA. In the illustrated example, the substitution box is made using three subsystems Cbox and the outputs of the last subsystem have no orthomorphism function OR according to the embodiment.
X4a=Mu8(1,1)*X3a+Mu8(1,2)*X3b+Mu8(1,3)*X3c+Mu8(1,4)*X3d+Mu8(1,5)*X3e+Mu8(1,6)*X3f+Mu8(1,7)*X3g+Mu8(1,8)*X3h;
X4b=Mu8(2,1)*X3a+Mu8(2,2)*X3b+Mu8(2,3)*X3c+Mu8(2,4)*X3d+Mu8(2,5)*X3e+Mu8(2,6)*X3f+Mu8(2,7)*X3g+Mu8(2,8)*X3h;
X4c=Mu8(3,1)*X3a+Mu8(3,2)*X3b+Mu8(3,3)*X3c+Mu8(3,4)*X3d+Mu8(3,5)*X3e+Mu8(3,6)*X3f+Mu8(3,7)*X3g+Mu8(3,8)*X3h;
X4d=Mu8(4,1)*X3a+Mu8(4,2)*X3b+Mu8(4,3)*X3c+Mu8(4,4)*X3d+Mu8(4,5)*X3e+Mu8(4,6)*X3f+Mu8(4,7)*X3g+Mu8(4,8)*X3h;
X4e=Mu8(5,1)*X3a+Mu8(5,2)*X3b+Mu8(5,3)*X3c+Mu8(5,4)*X3d+Mu8(5,5)*X3e+Mu8(5,6)*X3f+Mu8(5,7)*X3g+Mu8(5,8)*X3h;
X4f=Mu8(6,1)*X3a+Mu8(6,2)*X3b+Mu8(6,3)*X3c+Mu8(6,4)*X3d+Mu8(6,5)*X3e+Mu8(6,6)*X3f+Mu8(6,7)*X3g+Mu8(6,8)*X3h;
X4g=Mu8(7,1)*X3a+Mu8(7,2)*X3b+Mu8(7,3)*X3c+Mu8(7,4)*X3d+Mu8(7,5)*X3e+Mu8(7,6)*X3f+Mu8(7,7)*X3g+Mu8(7,8)*X3h;
X4h=Mu8(8,1)*X3a+Mu8(8,2)*X3b+Mu8(8,3)*X3c+Mu8(8,4)*X3d+Mu8(8,5)*X3e+Mu8(8,6)*X3f+Mu8(8,7)*X3g+Mu8(8,8)*X3h;
The position of the orthomorphism function OR with regard to the outputs of the module MOD64 is not decisive. One can select the two left outputs or the two right outputs depending on the implementation of this method.
The output Y is directly obtained from the last module MOD64, without having an orthomorphism function OR in one of these outputs.
In the case that more than two modules MOD64 are used, the orthomorphism function OR is placed between each module MOD64. Even if in the preferred embodiment the position of the orthomorphism function OR is the same regardless of the module number, in another embodiment, the position of this orthomorphism function OR can be changed to be connected to a different output of the module MOD64.
Claims (11)
Priority Applications (2)
Application Number  Priority Date  Filing Date  Title

EP20030011696 EP1480371A1 (en)  2003-05-23  2003-05-23  Device and method for encrypting and decrypting a block of data
EP03011696.6  2003-05-23
Publications (2)
Publication Number  Publication Date

US20040247117A1 (en)  2004-12-09
US7499542B2 (en)  2009-03-03
Family
ID=33041000
Family Applications (1)
Application Number  Title  Priority Date  Filing Date

US10845063 Active 2026-02-15 US7499542B2 (en)  2003-05-23  2004-05-14  Device and method for encrypting and decrypting a block of data
Country Status (10)
Country  Link 

US (1)  US7499542B2 (en) 
JP (1)  JP4663635B2 (en) 
KR (1)  KR101050670B1 (en) 
CN (2)  CN101944992B (en) 
CA (1)  CA2525591C (en) 
DE (1)  DE602004020333D1 (en) 
DK (1)  DK1627489T3 (en) 
EP (2)  EP1480371A1 (en) 
ES (1)  ES2323702T3 (en) 
WO (1)  WO2004105305A9 (en) 
Citations (8)
Publication number  Priority date  Publication date  Assignee  Title 

US5214703A (en)  1990-05-18  1993-05-25  Ascom Tech Ag  Device for the conversion of a digital block and use of same
US5623549A (en) *  1995-01-30  1997-04-22  Ritter; Terry F.  Cipher mechanisms with fencing and balanced block mixing
US5727062A (en) *  1995-07-06  1998-03-10  Ritter; Terry F.  Variable size block ciphers
US5825886A (en) *  1995-12-08  1998-10-20  Entrust Technologies Ltd.  Construction symmetric ciphers using the cast design procedure
US6189095B1 (en) *  1998-06-05  2001-02-13  International Business Machines Corporation  Symmetric block cipher using multiple stages with modified type-1 and type-3 feistel networks
US20020025035A1 (en) *  1998-06-15  2002-02-28  Rivest Ronald L.  Enhanced block ciphers with data-dependent rotations
US20020101986A1 (en) *  2000-08-03  2002-08-01  Roelse Petrus Lambertus Adrianus  Linear transformation for symmetric-key ciphers
US7039184B2 (en) *  1998-11-27  2006-05-02  Kabushiki Kaisha Toshiba  Encryption/decryption unit and storage medium
Non-Patent Citations (6)
Title 

Applied Cryptography, Second Edition: protocols, algorithms, and source code in C Bruce Schneier Copyright 1996. * 
Dong Hyeon Cheon, Sang Jin Lee, Jong In Lim, Sung Jae Lee, "New block cipher DONUT using pairwise perfect decorrelation," Progress in Cryptology - INDOCRYPT 2000, First International Conference in Cryptology in India, Proceedings (Springer Verlag, Lecture Notes on Computer Science vol. 1977), Dec. 13, 2000, pp. 19, XP002265238.
Idea NXT, Wikipedia, http://en.wikipedia.org/wiki/IDEANXT Jun. 18, 2005. 
S. Vaudenay, "On the Lai-Massey Scheme", Advances in Cryptology, ASIACRYPT'99. International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings, Springer Verlag, Nov. 18, 1999, pp. 89, XP002265237.
Shannon, Claude. "Communication Theory of Secrecy Systems", Bell System Technical Journal, vol. 28(4), pp. 656-715, Oct. 1949. *
Twofish: A 128-Bit Block Cipher B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson Jun. 15, 1998, pp. 168. *
Also Published As
Publication number  Publication date  Type 

EP1627489B1 (en)  2009-04-01  grant
EP1627489A1 (en)  2006-02-22  application
CA2525591A1 (en)  2004-12-02  application
JP4663635B2 (en)  2011-04-06  grant
DK1627489T3 (en)  2009-07-13  grant
JP2007527028A (en)  2007-09-20  application
KR20060014417A (en)  2006-02-15  application
EP1480371A1 (en)  2004-11-24  application
DE602004020333D1 (en)  2009-05-14  grant
WO2004105305A9 (en)  2006-01-05  application
ES2323702T3 (en)  2009-07-23  grant
CN1795638A (en)  2006-06-28  application
KR101050670B1 (en)  2011-07-19  grant
US20040247117A1 (en)  2004-12-09  application
CA2525591C (en)  2012-10-09  grant
CN101944992A (en)  2011-01-12  application
WO2004105305A1 (en)  2004-12-02  application
CN101944992B (en)  2012-03-21  grant
Legal Events
Date  Code  Title  Description 

AS  Assignment 
Owner name: MEDIACRYPT, AG, SWITZERLAND Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:VAUDENAY, SERGE;JUNOD, PASCAL;REEL/FRAME:015342/0419 Effective date: 2004-04-08

AS  Assignment 
Owner name: NAGRAVISION SA, SWITZERLAND Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MEDIACRYPT AG;REEL/FRAME:018882/0880 Effective date: 2006-11-22

FPAY  Fee payment 
Year of fee payment: 4 

FPAY  Fee payment 
Year of fee payment: 8 